Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/vesadrm: Avoid NULL-ptr deref in vesadrm_pmi_cmap_write()

Only set PMI fields if the screen_info's Vesa PM segment has been
set. Vesa PMI is the power-management interface. It also provides
means to set the color palette. The interface is optional, so not
all VESA graphics cards support it. Print vesafb's warning [1] if
the hardware palette cannot be set at all.

If unsupported, the field PrimaryPalette in struct vesadrm.pmi is
NULL, which results in a segmentation fault. Happens with qemu's
Cirrus emulation.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 814d270b31d2 ("drm/sysfb: vesadrm: Add gamma correction")
Link: https://elixir.bootlin.com/linux/v6.15/source/drivers/video/fbdev/vesafb.c#L375 # 1
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Acked-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://lore.kernel.org/r/20250617140944.142392-1-tzimmermann@suse.de

+9 -4
drivers/gpu/drm/sysfb/vesadrm.c
··· 362 362 363 363 if (!__screen_info_vbe_mode_nonvga(si)) { 364 364 vesa->cmap_write = vesadrm_vga_cmap_write; 365 - #if defined(CONFIG_X86_32) 366 365 } else { 366 + #if defined(CONFIG_X86_32) 367 367 phys_addr_t pmi_base = __screen_info_vesapm_info_base(si); 368 - const u16 *pmi_addr = phys_to_virt(pmi_base); 369 368 370 - vesa->pmi.PrimaryPalette = (u8 *)pmi_addr + pmi_addr[2]; 371 - vesa->cmap_write = vesadrm_pmi_cmap_write; 369 + if (pmi_base) { 370 + const u16 *pmi_addr = phys_to_virt(pmi_base); 371 + 372 + vesa->pmi.PrimaryPalette = (u8 *)pmi_addr + pmi_addr[2]; 373 + vesa->cmap_write = vesadrm_pmi_cmap_write; 374 + } else 372 375 #endif 376 + if (format->is_color_indexed) 377 + drm_warn(dev, "hardware palette is unchangeable, colors may be incorrect\n"); 373 378 } 374 379 375 380 #ifdef CONFIG_X86
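Review bot: the unbraced `} else` left dangling just before `#endif`, so that it binds to the following `if (format->is_color_indexed)`, makes the control flow differ by configuration and is easy to break in a later edit. With CONFIG_X86_32 the warning is the else-branch of `if (pmi_base)`; without it the same `if` stands alone in the outer else block. Kernel style also asks for braces on both branches when one of them has them. Consider closing the PMI block normally and testing the outcome after the `#endif`, for example `if (!vesa->cmap_write && format->is_color_indexed)` (assuming `cmap_write` is still unset on entry to this branch), which keeps the preprocessor region self-contained. Separately, the new check only rejects `pmi_base == 0`: the 16-bit offset `pmi_addr[2]` is still read from the firmware-provided table and added to the pointer in `vesa->pmi.PrimaryPalette = (u8 *)pmi_addr + pmi_addr[2];` without any validation, so a zero or bogus offset from firmware would still produce a palette pointer that `vesadrm_pmi_cmap_write` trusts. If the PMI table size is available from screen_info, a bounds check here would be worth adding, or at least a comment stating why the offset is trusted. Finally, the commit message describes `PrimaryPalette` being NULL while the code tests `pmi_base`; a short comment at the `if (pmi_base)` line tying the two together would help the next reader.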